icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Successful Shell Attack Detected - Cisco 'show mac-address-table' Command

High

Synopsis

The results of a Cisco IOS command occurred in a TCP session normally used for a standard service.

Description

The results of a Cisco IOS command occurred in a TCP session normally used for a standard service. This may indicate that a successful compromise of the router or switch has occurred.

Solution

The command activity observed is indicative of a possible compromise. Consider performing a full audit of the system to investigate further.